Cyber criminals and robots could be hacking into your organisation right now to steal your data or your customers' data.
Although criminals can attack anyone, QA's new research shows that organisations are focussing on educating the easy targets in cyber security, to reduce their organisation's vulnerability. Employees rarely have the most up-to-date information on the current methods that cyber criminals use to attack them or the business, because hackers are continually improving their methods. This leaves organisations extremely vulnerable to an attack.
In QA's exclusive research, undertaken last month, 25% of organisations have employee awareness and training in their top priorities, as well as upskilling their cyber teams (22%) and cross-skilling their IT teams (18%). Organising specialist technical training will, most often, sit within the CIO's teams, but general employee awareness and training needs to be a joint effort of the HR function and the technical teams.
Given that the majority of organisations see the threat of a cyber-attack as being 'much worse' in recent years, this is something that should be readdressed within HR and L&D's priorities, if it is not already part of their agenda.
It is highly likely that one of your employees could receive a 'phishing email' today; phishing is the most common type of cyber-criminal activity. Research shows that 1 in 3 employees are duped into giving up their credentials when targeted with a phishing email. HR professionals can play a part here by working collaboratively with IT and cyber teams to prevent employees being tricked into passing over private information, or data getting intercepted through cloud-based file storage and sharing.
So, as an HR professional or manager of people - what can you do about it?
This video provides some practical tips for HR professionals and managers to help you to protect your organisation from cyber-attacks.
It is vital to ensure that your staff have practical cyber security experience. Dedicated training programmes are available for non-technical staff, or those outside of the IT and cyber teams, and are definitely worth the investment to accompany your ongoing awareness plan, driven by the HR team (supported by the cyber or IT team, or vice-versa). With the new data laws looming (GDPR), if a company is deemed to have put their customers' data at risk, they risk paying a 4% fine (of their entire global turnover).
So, moving towards a culture of formal training for all employees handling sensitive data is definitely something to seriously consider, and a worthwhile investment of resources.